-rwxr-xr-x | page.cgi | 13 | ||||
-rw-r--r-- | template/en/default/global/code-error.html.tmpl | 5 | ||||
-rw-r--r-- | template/en/default/pages/linked.html.tmpl | 6 |
3 files changed, 18 insertions, 6 deletions
@@ -42,14 +42,19 @@ Bugzilla->login(); my $cgi = Bugzilla->cgi; -if ($::FORM{'id'}) { +my $id = $cgi->param('id'); +if ($id) { # Remove all dodgy chars, and split into name and ctype. - $::FORM{'id'} =~ s/[^\w\-\.]//g; - $::FORM{'id'} =~ /(.*)\.(.*)/; + $id =~ s/[^\w\-\.]//g; + $id =~ /(.*)\.(.*)/; + if (!$2) { + # if this regexp fails to match completely, something bad came in + ThrowCodeError("bad_page_cgi_id", { "page_id" => $id }); + } my $format = GetFormat("pages/$1", undef, $2); - $vars->{'form'} = \%::FORM; + $cgi->param('id', $id); print $cgi->header($format->{'ctype'}); diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl index 342d67102..c5233b8e8 100644 --- a/template/en/default/global/code-error.html.tmpl +++ b/template/en/default/global/code-error.html.tmpl @@ -56,6 +56,11 @@ [% ELSIF error == "authres_unhandled" %] An authorization handler return value was not handled by the login code. + [% ELSIF error == "bad_page_cgi_id" %] + [% title = "Invalid Page ID" %] + The ID <code>[% page_id FILTER html %]</code> is not a + valid page identifier. + [% ELSIF error == "bug_error" %] Trying to retrieve [% terms.bug %] [%+ bug.bug_id FILTER html %] returned the error [% bug.error FILTER html %]. diff --git a/template/en/default/pages/linked.html.tmpl b/template/en/default/pages/linked.html.tmpl index 2a3521a35..fcb5ee9d0 100644 --- a/template/en/default/pages/linked.html.tmpl +++ b/template/en/default/pages/linked.html.tmpl @@ -21,6 +21,8 @@ #%] [% INCLUDE global/header.html.tmpl title = "Your Linkified Text" %] +[% USE Bugzilla %] +[% cgi = Bugzilla.cgi %] <p> Copy and paste the text below: @@ -30,7 +32,7 @@ <p> <pre> -[%- form.text FILTER quoteUrls FILTER html -%] +[%- cgi.param("text") FILTER quoteUrls FILTER html -%] </pre> </p> @@ -45,7 +47,7 @@ <p> <pre> -[%- form.text FILTER quoteUrls -%] +[%- cgi.param("text") FILTER quoteUrls -%] </pre> </p> |
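Review bot: The added `if (!$2)` guard is not a reliable "did the regexp match" test, because Perl does not clear `$1`/`$2` when `$id =~ /(.*)\.(.*)/` fails; they keep the values of the last successful match in the enclosing scope, and the preceding `s/[^\w\-\.]//g` only resets them when it actually removed something, so an id with no dot can slip through with stale captures into `GetFormat("pages/$1", undef, $2)`. Capturing into lexicals and testing definedness removes the dependence on the punctuation variables and makes the name used in `"pages/$1"` explicit. As written an empty name (`id=.html`) also passes the check; requiring at least one character on each side of the dot with `.+` rejects it. The `if` block this code sits in continues past the end of the hunk.
```perl
    # Remove all dodgy chars, and split into name and ctype.
    $id =~ s/[^\w\-\.]//g;
    my ($page_name, $ctype) = $id =~ /\A(.+)\.(.+)\z/;
    if (!defined $ctype) {
        # not of the form "name.ctype", so something bad came in
        ThrowCodeError("bad_page_cgi_id", { "page_id" => $id });
    }
    my $format = GetFormat("pages/$page_name", undef, $ctype);
    # … unchanged: write the cleaned id back with $cgi->param('id', $id) and print the header …
```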
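Review bot: The rewritten line `[%- cgi.param("text") FILTER quoteUrls -%]` in the last hunk of linked.html.tmpl puts user-supplied text into the page without `FILTER html`, unlike the first `<pre>` earlier in the same file, which applies both filters; whether that is safe depends entirely on `quoteUrls` HTML-escaping its input before adding its own link markup, which is not visible in this diff and should be confirmed against the filter's definition. The change keeps the old line's behaviour, so nothing is newly introduced, but the asymmetry between the two `<pre>` blocks is exactly the kind of thing a later editor "fixes" in the wrong direction, so it deserves a template comment on that line: `[%# No FILTER html here on purpose: quoteUrls is expected to HTML-escape the text itself before inserting its link markup. Confirm that before changing either <pre>. %]`. The `<p>`/`<pre>` elements open and close inside the hunk; the rest of the template lies outside it.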